The use of the Cloud has become a common tool used to store data. Cloud storage allows users to add storage capacity, and sync information and data across devices, and remote computing services . With cloud computing, data can be streamed from cloud storage rather than directly from a device.
Devices can also synchronize or back up data through the Cloud service. Cloud computing allows for on-demand self-service, universal network access, location-independent resource pooling, rapid elasticity, and pay-per-use .
According to the Scientific Working Group on Digital Evidence when data on a local device is encrypted or difficult to decode data can be requested from the cloud provider in an unencrypted or readable form.
They also state that data that has been backed up over time would be useful evidence because it would not be overwritten . Although there are features of the Cloud that are beneficial to forensics investigators there are also several challenges that come along with them…
- A key feature found in cloud computing is the ability for data to be backed up in multiple locations this allows an increase in data storage in the cloud data centers but creates a problem for forensic investigations because the process of search and seizure may become complicated. This can also make it difficult for investigators to know where the data is located on a device and actually acquire it.
- Loss of important artifacts occurs since they cannot be accessed in the cloud data centers due to virtualization. Virtualization is the creation of virtual resources like storage, servers, and networks acquired from a physical machine running in a different location . Virtualization is what gives individuals the ability to resource share among multiple applications.
- Metadata may be lost when downloaded from the cloud. This includes file creation, modification, and access times. This is information that can be crucial to an investigation.
- Another challenge lies in the lack of implemented forensic procedures by Cloud service providers and vice versa. Computer forensic investigators must create viable methods for conducting investigations on data within the Cloud. They need to have the ability to recover deleted data, identify its owner, and reconstruct events with the data.
The complexity of the Cloud and its infrastructure can be daunting and difficult to understand. Investigators need to familiarize themselves with the Cloud’s inner workings so they may provide proper expert witness testimony.
Cloud forensics can be both beneficial and challenging. As the capabilities and knowledge of cloud computing grow, investigators must adapt their procedures and data collection to cloud forensics. Computer forensics continues to change as new technology and devices are introduced. Mastering the issues and challenges in cloud forensics will further solidify the usefulness of digital evidence in forensic investigations.